According to a BeyondTrust report, the “vast majority of security vulnerabilities are rendered useless provided that Windows 7 is run only through accounts with limited user privileges. In this regard, it’s perhaps worth mentioning that all Win7 accounts are restricted to standard user privileges, a move Microsoft made to increase the security of OS by decreasing platform’s attack area.”

“90% of Critical Windows 7 OS vulnerabilities are mitigated by having users log in as standard users. Since Oct 2009 release of Win 7 there’ve been 10 Critical Win7 OS vulnerabilities published. Companies would be better protected against exploitation of 9 of the Critical Win7 vulnerabilities by configuring users without administrator rights,” an excerpt from the 2009 Microsoft Vulnerability Analysis report reads.

“Of all Win7 vulnerabilities ever published, 57% are mitigated by removing administrator rights. There’ve been a total of 23 Win7 vulnerabilities published to date. First vulnerability was published in Oct 2009, the month Windows 7 was publicly released,” BeyondTrust adds in its report.
BeyondTrust 2009 Microsoft Vulnerability Analysis